Revisiting The DAO

Abstract: In this piece we revisit “The DAO” and the events following its failure. We analyse what happened to the various buckets of funds inside The DAO, on both sides of the chainsplit which it caused. We identify US$140 million of unclaimed funds still inside what is left of The DAO.

Key points

The DAO hacker appears to control tokens worth approximately US$60 million.

There are currently around US$140 million of unclaimed funds still inside The DAO withdrawal contracts.

In June 2017, the US Dollar value of funds unclaimed inside The DAO was higher than the value of the amount initially raised in May 2016.

A deadline is approaching, 10 January 2018, after which some of the funds, around US$26 million, may no longer be available to be claimed.

In the early summer of 2016, one project generated a substantial amount of excitement and buzz in the crypto space, “The DAO”. DAO stands for Decentralized Autonomous Organization, and to the confusion of many, “The DAO” consumed that entire moniker for itself. The DAO was to be an autonomous investment fund, investing in projects determined by the token holders. The fund was to be governed by a “code is law” philosophy, as opposed to the centralized top down control mechanisms in traditional investment funds, where key individuals matter.

Many believed this novel approach would lead to superior investment returns. Although it is a unique and potentially interesting approach, in our view, expecting strong investment returns at this point may be somewhat naive.

The fund raised Ethereum tokens worth approximately US$150 million at the time, around 14% of all the ether in existence, with investors presumably expecting spectacular returns. The downside risk was expected to be minimal or zero, since one was supposed to be able to withdraw one’s Ethereum from The DAO, whenever one wished. In reality, doing so was a complex and error-prone process.

Problems with The DAO

As it turns out, The DAO was fundamentally flawed on several levels, as many in the Ethereum Foundation pointed out before the exploit was discovered. For instance:

Economic incentives – The incentive model of the project was poorly thought out. For example, there was little incentive to vote “no” on investment proposals, since “no” voters became invested in approved projects. Those that did not vote did not become exposed to the project. Additionally, there was no stated enforcement mechanism for successful projects to contribute profits back into The DAO.

Token viability – When projects were created, this would have ended up creating new classes of DAO tokens, such that each class was entitled to different risks and rewards. This would mean the tokens would not be fungible, an issue poorly understood by exchanges and the community.

Buggy code – The code did not always implement what was described or intended. The smart contract code did not appear to be reviewed adequately. The coders did not appear to fully grasp its language, Solidity, nor some of the states the contract could reach.

A few weeks after the conclusion of the token sale, a “hacker” managed to find an exploit in the code, enabling them to potentially access The DAO’s funds, by draining the main pool of funds into a child DAO in which the hacker potentially had significant control. This then led to an Ethereum hardfork, to attempt to prevent the hacker from accessing the funds and to return the funds to the initial investors. Since some in the Ethereum community were unhappy about this, it led to the chain split between ETH and ETC.

In this piece we will:

Describe the relationships between the main actors involved in The DAO,

Revisit the key events surrounding Ethereum’s DAO hardfork,

Explore the movement of ETH and ETC funds inside The DAO, and

Speculate on what will happen to the unclaimed funds.

The main groups and individuals related to The DAO

Network map of the main groups and the individuals involved in The DAO

Sources: BitMEX Research, Full sources provided in the table below
Notes: There are other Ethereum Foundation members with no association to The DAO, who are excluded from the above mapping. Blue circles represent individuals, while yellow circles represent organisations.

A “Child DAO” can be “split” from the main DAO as part of The DAO’s governance process, similar to a spin-off company.

The splitting process was exploited by the hacker using a recursive call exploit, which drained more funds from the parent DAO than intended. The owner of a newly formed Child DAO cannot withdraw those funds immediately; they have to wait for a voting period to end before securing those funds and being able to freely transfer them.

This voting period gave the Ethereum community a window of opportunity to attempt to reclaim the funds by attempting to exploit the hacker’s Child DAO using the same vulnerability. This, however, may have resulted in perpetual splitting and a “DAO War”, whereby the funds would be stuck in limbo forever as long as neither the hacker nor RHG gave up. This process could be easily scripted so would not take much effort on either side.

One way to solve this would be the implementation of a softfork to censor the hacker’s transactions, preventing him/her from participating in this war and quickly allowing the funds to be recovered.
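The recursive call flaw described above can be shown with a small Python model. This is an added example, not The DAO's Solidity code: the Vault ledger, the receiver hook and the balances are constructed, and it only illustrates how a payout that can call back in before the books are updated pays more than is owed, next to the corrected ordering.

```python
class Vault:
    """Toy pooled ledger (illustrative names, not The DAO's contract)."""

    def __init__(self, credits, hardened):
        self.credits = dict(credits)
        self.pool = sum(credits.values())
        self.hardened = hardened

    def withdraw(self, account, receiver):
        amount = self.credits.get(account, 0)
        if amount == 0 or self.pool < amount:
            return
        if self.hardened:
            # Effects before interaction: clear the credit, then pay.
            self.credits[account] = 0
            self.pool -= amount
            receiver(self, account, amount)
        else:
            # Flawed order: the payout hook runs while the credit still stands.
            self.pool -= amount
            receiver(self, account, amount)
            self.credits[account] = 0

    def solvent(self):
        # Invariant: the pool must cover every credit still outstanding.
        return self.pool >= sum(self.credits.values())


class ReenteringReceiver:
    """Payout hook that calls withdraw() again, at most max_depth times."""

    def __init__(self, max_depth):
        self.max_depth, self.depth, self.received = max_depth, 0, 0

    def __call__(self, vault, account, amount):
        self.received += amount
        if self.depth < self.max_depth:
            self.depth += 1
            vault.withdraw(account, self)


def run(hardened):
    # Constructed balances: account "a" is owed 10 out of a pool of 100.
    vault = Vault({"a": 10, "b": 40, "c": 50}, hardened)
    receiver = ReenteringReceiver(max_depth=3)
    vault.withdraw("a", receiver)
    return receiver.received, vault.pool, vault.solvent()
```

The solvent() check is the invariant worth asserting in tests of any payout routine: pooled funds must always cover the credits still outstanding.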

| Date | Event | Movement of Funds |
| --- | --- | --- |
| 21 June 2016 | RHG begin “DAO Wars” and are able to recover a majority of the funds (Source: Reddit) | c8.1 million pre-fork ETH drained into the RHG’s Child DAOs using the same vulnerability |

At this point, the RHG have managed to secure around 70% of the funds by exploiting other Child DAOs, but in order to guarantee the ability to reclaim the remaining c30% (around 3.6 million pre-fork ETH), a hardfork is the only possibility. Moreover, the softfork proposal was found to have critical security vulnerabilities and was quickly scrapped.

| Date | Event | Movement of Funds |
| --- | --- | --- |
| 20 July 2016 | Hardfork is implemented, effectively undoing the effects of The DAO hack and making DTH whole on the forked ETH chain. Implemented via two withdrawal contracts. (Source: Ethereum Foundation, The Ethereum Wiki) | c11.5 million post-fork ETH returned to DAO withdraw contract and can be claimed by DTH based on their current DAO token balances |
| 20 July 2016 | ETC, the ‘not-forked’ chain continues to be mined | The RHG and The DAO hacker will eventually have access to ETC in Child DAOs |

After the fork, there are two chains in parallel universes. One, ETH, where the hack is undone, and one ETC, where the hack remains. The RHG have still secured around 70% of the ETC, and could have continued the attack on the ETC chain using the aforementioned ‘DAO wars limbo’ strategy, but decide not to. To refund DTH on the ETH chain, a withdrawal contract is used, which DTH must call to claim their ETH.

| Date | Event | Movement of Funds |
| --- | --- | --- |
|  | Bity announce that the first version of “Whitehat Withdrawal Contract” is published (Source: Bity) | c4.2 million ETC transferred from WHG to the withdrawal contract, c0.6 million claimed by DTH. DTH are entitled to receive funds based on their DAO token balance at the time of the hardfork, not the current token balance as is the case for ETH. |
| 30 Aug 2016 | Bity announce that the second version of “Whitehat Withdrawal Contract” is published (Source: Bity) | c3.8 million ETC transferred from old contract to new contract |
| 6 Sept 2016 | Bity announce that the remaining ETC (including that which was attempted to be traded on exchanges, and some from matured Child DAOs) is transferred to the Whitehat Withdrawal Contract (Source: Bity) | c4.3 million ETC transferred from WHG exchange accounts and multisig into withdrawal contract. |

During the time these trades were made, the price of ETC dropped in value relative to ETH, BTC and/or EUR, causing the trade back into ETC to yield an additional 700,000 ETC that was added to the Whitehat Withdrawal Contract. The exact details of these on-exchange swaps were not made public.

One feature of the Whitehat Withdrawal Contract is that a limit is set for the ETC funds to be withdrawn (originally set to 3 months, expiring on 30th January 2017). Due to a large proportion of the funds not being claimed within the 3 months given, this period was extended twice:

As the chart above illustrates, at the Ethereum price peak in July 2017, the US Dollar value of unclaimed Ethereum inside DAO withdrawal contracts was even higher than the US$150 million initially raised.

Withdrawal Contract “Gotchas”

Whilst the notion of a withdrawal contract sounds binding, all of the unclaimed funds are still in the control of the owners of those contracts.

Safety Hatches

All three withdrawal contracts have ‘safety hatch’ mechanisms, meaning the ‘owners’ of these contracts have the ability to withdraw all of the funds at any time.

Whilst The DAO Curators have not indicated this is planned, it may be tempting to appropriate these funds if it is deemed that no more withdrawals will take place. The WHG, in contrast, have designed their contract specifically to ensure this happens.

Whitehat Deadline

The Whitehat Withdrawal contract also has a timeout system for when DTH are able to withdraw their funds. This deadline will expire on January 10th 2018 (although it has been extended twice before), so attempts to withdraw after this deadline may be denied.
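The three properties described in this piece (payout on the current token balance for ETH versus the fork-time balance for ETC, the owner's safety hatch, and the Whitehat deadline) can be put side by side in a small Python model. This is an added example, not the code of the real withdrawal contracts: the class, the holder names, the balances, the one-coin-per-token rate and the rule that claims are refused from the day after the deadline are all constructed assumptions.

```python
from datetime import date

class WithdrawalContract:
    """Toy refund contract; field names are illustrative, not the real contracts'."""

    def __init__(self, owner, funds, deadline=None, snapshot=None):
        self.owner, self.funds = owner, funds
        self.deadline = deadline  # None: no claim deadline (ETH-style)
        self.snapshot = snapshot  # None: pay on current balance (ETH-style)

    def claim(self, holder, current, today):
        if self.deadline is not None and today > self.deadline:
            raise PermissionError("claim window closed")
        if self.snapshot is not None:
            tokens = self.snapshot.pop(holder, 0)  # fork-time balance, claimable once
        else:
            tokens = current.pop(holder, 0)  # assumption: tokens are surrendered
        self.funds -= tokens  # constructed rate: 1 coin per DAO token
        return tokens

    def safety_hatch(self, caller):
        """Owner-only sweep of whatever is still unclaimed."""
        if caller != self.owner:
            raise PermissionError("owner only")
        swept, self.funds = self.funds, 0
        return swept


def scenario():
    # Constructed data: alice held 100 tokens at the fork, then sold 60 to bob.
    at_fork = {"alice": 100, "bob": 0, "carol": 50}
    now = {"alice": 40, "bob": 60, "carol": 50}
    eth = WithdrawalContract("curators", 150)
    etc = WithdrawalContract("whg", 150, date(2018, 1, 10), dict(at_fork))
    day = date(2017, 12, 1)
    out = {
        "eth": [eth.claim(h, now, day) for h in ("alice", "bob")],
        "etc": [etc.claim(h, now, day) for h in ("alice", "bob")],
    }
    try:  # carol shows up one day after the deadline
        etc.claim("carol", now, date(2018, 1, 11))
        out["late"] = "paid"
    except PermissionError:
        out["late"] = "denied"
    out["swept"] = etc.safety_hatch("whg")  # carol's 50 leave with the owner
    return out
```

In the model, a buyer of tokens after the fork is paid on the ETH-style contract and gets nothing on the ETC-style one, and a late claimant's share ends up wherever the contract owner sends it.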

What next for the US$26 million of unclaimed ETC?

The next obvious question is:

What happens to the unclaimed funds on January 10th 2018?

There are four clear options at present:

1. Have WHG/Bity keep the funds as payment for their service, returning some of the ETC

2. Donate the funds to a charity or the “community”, perhaps the ETC, DTH or ETH community

3. Extend the deadline again

4. Commit to allowing withdrawals indefinitely, as with the ETH withdrawal contracts

An official response from Bity suggested they may lean towards option two:

We feel that these funds should be donated to the DAO Token holders community where they originated from. After 6 months, we want to be able to donate these unclaimed funds to a community wide effort, like a foundation supporting smart contracts security. We want these funds to be used to develop the future of structures of Decentralized Governance, DAOs and smart contracts. We will see what options are available at the time.

Of course, questions of who represents the ‘DTH Community’ will arise, and whether or not the funds are being spent in a transparent manner may come into question. Due to the anonymous nature of who is behind WHG, it may be difficult for the community to properly audit the spending of these unclaimed funds.

Additionally, this arbitrary timeline that prevents individuals in the future from claiming funds that are rightfully theirs may result in future legal action. As such, there is a possibility that WHG is only left with option 3 or 4, and will potentially allow ETC withdrawals to continue in perpetuity.

However, January 2018 will be over 18 months after The DAO, a long time in the crypto space. In addition to this, the price of both ETH and ETC has risen considerably since The DAO. Therefore, perhaps some DTHs may forget about their tokens in all the excitement and wealth generation that is prevalent in the Ethereum ecosystem.

Disclaimer

Whilst many claims made in this note are cited, we do not guarantee accuracy. We welcome corrections.